Software Development Security. Customer Success Box adopts secure software development practices including stringent change management processes, software code reviews and testing.
Software Development Security. In the event that Consultant conducts application software development for Board, Consultant shall: (a) either make source codes available for review by Board or shall conduct source code scanning using a commercial security tool; (b) cause scans to be conducted annually and at any time significant code changes are made; (c) make scan reports available to Board within two (2) weeks of execution; (d) disclose remediation timelines for high, medium and low risk security code defects; and (e) perform scans before code is implemented in production. Consultant hereby agrees that high risk security code defects may not be implemented in production without written approval from either Board Executive Director or a Deputy Executive Director.
Software Development Security. 11.1 Supplier shall design and implement all its products and Services delivered to Sanoma properly taking into account relevant privacy, internet safety and security related requirements (e.g. privacy and security by design). This means in practice that for any new or changed functionality supplier shall conduct: architectural/design threat analysis and for identified risks define which controls are to be implemented and which risks will be treated in some other jointly agreed way. security and privacy assessment (e.g. internal/external audits or testing) for features that have been flagged as a risky area in threat analysis, or are a part of a security or privacy control. Architectural/design threat analysis should be based on data flow diagrams and cover at the minimum but not limited to Identity and access management Impacted user experience/business logic flows Impacted personal data flows Software dependencies (e.g. third party components, libraries) Deployment architecture Software development pipeline Auditability (e.g. logging) Service/Product lifecycle until retirement
